#!/usr/bin/env bash

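# Load the deployment settings. This script reads K8S_CA_DIR, K8S_BIN_DIR and
# MASTER_IP further down and expects them to come from this file.
# The path is relative to the current working directory, not to this script,
# so whatever ./config/env.sh resolves to from the caller's directory is
# executed in this shell. Fail early instead of continuing with unset paths.
if [[ ! -r ./config/env.sh ]]; then
  printf 'error: ./config/env.sh not found or not readable (cwd: %s)\n' "$PWD" >&2
  exit 1
fi
# shellcheck source=/dev/null
source ./config/env.sh
clear

# Abort if K8S_CA_DIR is unset or empty: the unguarded expansion would
# otherwise create /admin at the filesystem root.
# NOTE(review): this directory later receives the CA private key written by
# cfssljson; confirm its ownership and mode restrict access as intended.
mkdir -p -- "${K8S_CA_DIR:?K8S_CA_DIR must be set by config/env.sh}/admin"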

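# Write the cfssl signing policy for this CA.
# Both the default policy and the "kubernetes" profile issue certificates
# valid for 87600h (3650 days), and the "kubernetes" profile allows
# "server auth" and "client auth" on the same certificate.
# NOTE(review): confirm that this lifetime and the combined usages match the
# cluster's certificate policy; a profile per role would narrow what a single
# leaked certificate can be used for.
# The delimiter is quoted so the JSON is written literally, and the target
# path is quoted and guarded against an unset K8S_CA_DIR.
cat > "${K8S_CA_DIR:?K8S_CA_DIR must be set by config/env.sh}/admin/ca-config.json" <<'EOF'
{
  "signing": {
    "default": {
      "expiry": "87600h"
    },
    "profiles": {
      "kubernetes": {
        "usages": [
            "signing",
            "key encipherment",
            "server auth",
            "client auth"
        ],
        "expiry": "87600h"
      }
    }
  }
}
EOF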

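# Write the certificate signing request used to create the CA itself:
# common name "kubernetes", a 2048-bit RSA key, and one subject name entry.
# No "ca" object is present, so the lifetime of the CA certificate is left to
# whatever cfssl applies by default.
# NOTE(review): confirm that a 2048-bit RSA key is acceptable for a root key
# under your policy before this CA is used to issue cluster certificates.
# The delimiter is quoted so the JSON is written literally, and the target
# path is quoted and guarded against an unset K8S_CA_DIR.
cat > "${K8S_CA_DIR:?K8S_CA_DIR must be set by config/env.sh}/admin/ca-csr.json" <<'EOF'
{
  "CN": "kubernetes",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "BeiJing",
      "L": "BeiJing",
      "O": "k8s",
      "OU": "4Paradigm"
    }
  ]
}
EOF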

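# Work inside the CA directory so the generated files land next to the JSON
# inputs. Stop if the directory cannot be entered; otherwise the key pair
# would be written into whatever directory the script was started from.
cd -- "${K8S_CA_DIR:?K8S_CA_DIR must be set by config/env.sh}/admin" || {
  printf 'error: cannot change into %s/admin\n' "${K8S_CA_DIR}" >&2
  exit 1
}

# Create a self-signed CA from ca-csr.json; cfssljson splits cfssl's JSON
# output into files whose names start with "ca".
# NOTE(review): a second run appears to replace an existing CA key pair in
# this directory, which would orphan certificates already issued from it;
# confirm whether a guard on an existing ca-key.pem is wanted.
# NOTE(review): cfssl is taken from K8S_BIN_DIR while cfssljson is resolved
# through PATH; confirm both come from the same trusted installation.
"${K8S_BIN_DIR:?K8S_BIN_DIR must be set by config/env.sh}/cfssl" gencert -initca ca-csr.json \
  | cfssljson -bare ca
# Without pipefail only cfssljson's status would be visible, so inspect both
# stages and stop before incomplete CA material is distributed.
ca_pipeline_status=("${PIPESTATUS[@]}")
if (( ca_pipeline_status[0] != 0 || ca_pipeline_status[1] != 0 )); then
  printf 'error: CA generation failed (cfssl=%s, cfssljson=%s)\n' \
    "${ca_pipeline_status[0]}" "${ca_pipeline_status[1]}" >&2
  exit 1
fi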

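# Copy the CA files to the same directory on every master node, creating the
# directory there first. Hosts that fail are reported on stderr and the
# script exits non-zero once all hosts have been tried.
remote_ca_dir="${K8S_CA_DIR:?K8S_CA_DIR must be set by config/env.sh}/admin/"
failed_masters=()
# MASTER_IP is deliberately unquoted: it is a whitespace-separated host list.
for master_ip in ${MASTER_IP}
do
  echo "=========================================== ${master_ip} ==========================================="
  # The path is expanded locally and single-quoted for the remote shell.
  if ! ssh "root@${master_ip}" "test -e '${remote_ca_dir}' || mkdir -p '${remote_ca_dir}'"; then
    printf 'error: could not prepare %s on %s\n' "${remote_ca_dir}" "${master_ip}" >&2
    failed_masters+=("${master_ip}")
    continue
  fi
  # NOTE(review): the ca* glob also matches ca-key.pem, so the CA private key
  # is copied to every master together with ca-config.json and ca-csr.json.
  # Confirm each master needs the key; where only the trust anchor is needed,
  # copying ca.pem alone limits where the signing key is stored.
  if ! scp "${K8S_CA_DIR}/admin/"ca* "root@${master_ip}:${remote_ca_dir}"; then
    printf 'error: could not copy CA files to %s\n' "${master_ip}" >&2
    failed_masters+=("${master_ip}")
  fi
done

if (( ${#failed_masters[@]} > 0 )); then
  printf 'error: CA distribution failed for: %s\n' "${failed_masters[*]}" >&2
  exit 1
fi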